forum.lissyara.su

Title Improving layer2 filtering in FreeBSD

Student Gleb Kurtsov

Mentor Andrew Thompson

Abstract

FreeBSD has support for layer2 filtering with ipfw only. I propose add
support for layer2 filtering in pfil. Update ipfw to honor pfil layer2
hooks. Also add mtag containing source and destination layer2 addresses
to every mbuf. Update ipfw layer2 not to touch ip headers, but to use
mentioned mtags to do MAC-IP filtering. Next I'd like to introduce
MAC-IP filtering in pf firewall using mentioned mtags. Improve ARP:
'staticarp' option is almost useless in real world situations (like
routed traffic), so I'll add 'learn' option that will permit host to
send ARP request on interface.